Microsoft blocks Linux from Windows 8 ARM hardware

Windows 8 will be locked down on ARM hardware, to the point that third-party operating systems simply won't install.

Documentation published by Microsoft regarding the UEFI Secure Boot functionality to be used in Windows 8 suggests that ARM-based systems supplied with the OS, including tablets and laptops, won't be able to run any third-party operating systems.

Microsoft's plans for the UEFI Secure Boot got some attention late last year when it was pointed out that by mandating the use of Secure Boot - which requires any boot-time code to be digitally signed with a unique key - the company appeared to be looking to lock third-party operating systems, such as GNU/Linux, out of PCs entirely.

Microsoft was quick to hit back at such claims, stating categorically that OEMs would provide buyers with the ability to disable the UEFI Secure Boot mode for use with non-signed operating systems. Sadly, it appears that the company missed one vital point from its statement: the fact that ARM-based systems are excluded.

According to the company's latest certification requirements document for Windows 8, while non-ARM systems - traditional desktops and laptops, in other words - will allow a 'custom' mode to be selected that prevents UEFI Secure Boot from blocking third-party unsigned code, the ARM build - for tablets and low-power laptops - must have this feature removed if manufacturers want to be able to put the Windows logo on their products.

'On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable [sic],' Microsoft's official certification guidelines state, buried on page 116 of a particularly lengthy PDF. 'Disabling Secure [Boot] MUST NOT be possible on ARM systems.'

Microsoft's apparent volte-face on the Secure Boot issue has been met with anger by open-source and free market enthusiasts. 'Unless Microsoft changes its policy, these may be the first PCs ever produced that can never run anything but Windows,' Aaron Williamson of the Software Freedom Law Center explains. 'It is clear now that opportunism, not philosophy, is guiding Microsoft's Secure Boot policy.'

Thus far, Microsoft has not responded to a request for comment on the matter. But with the likes of Qualcomm already promising a range of ARM-based tablets and laptops, a locked-down future could be just around the corner for computing.

Are you disappointed in Microsoft's decision to block open source operating systems, or is the company free to demand whatever concessions it feels like as part of its hardware certification programme? Share your thoughts over in the forums.

Secure Boot and other form of locked bootloaders in the name of security are perfectly fine with me - as long as they provide *ME*, the owner and user of the device, the ability to selectively disable such security provisions if I choose to do so. Going by this, I will only consider buying x86 Windows 8 machines that give me this control in the firmware.

HTC and Sony already provide bootloader unlock tools for those who choose to load custom ROMs on their phones. My Galaxy S is completely unlocked, and has been better off as a result.

Originally Posted by SnipsI don't see a problem with this and neither will the majority of people. It's only the minority enthusiasts market that will moan about it. But why I ask?

For the same reason you moan about Apple's closed garden: it's your hardware; you paid for it, you own it (as opposed to the software on it, of which you only own the right to use it within defined parameters), you want to use it as you see fit.

Thinking about this I would say one of the big reasons for MS to do this would be to stop effective 'jailbreaking' of devices with a hacked version of their OS, no? Since no unauthorised bootloader can run, no hacked os can be installed, meaning no unsigned software will run, locking in revnue for MS. I would say the blocking of installation of a 3rd party open source OS on ARM devices must be an unfortunate/fortunate coincidence. Bravo Bill, well played!

Closed gardens are not just about locking revenue; they are about locking out malware because most people aren't bright enough to mind what they install, and when things go tits-up they blame the machine. You know how people fret over the many viruses out there for Windows. Nobody says: "gosh, I better be a bit careful then and know what I'm doing". Nope, they buy an Apple device instead, because it never has viruses. It has a closed garden.

The implication of this is that vendors will either produce Windows 8 phones or Android phones. Very much a 'with us or against us' from Microsoft. It's a shame really, because a phone that could boot Android and Windows would've been pretty awesome.

Of course, enthusiasts will bemoan the restriction, myself included, but as Snips said, it's only the minority. M$ won't care, the manufacturers that side with them won't care and the majority of people who buy W8 phones won't care.

I however, do care. Getting a bit tired of people like Sony, M$ and Apple telling us what we can and can't do with something we've paid hard earned money for. This is nothing short of a hardware EULA. If I buy a phone and decide I want to use it as a toaster, who the hell are they to stop me?

as a chronic linux user (i'm using it right now), I find this ridiculous that companies are actually supporting this. However, I feel that if there are a small group of big-name companies (lets say Gateway and Acer, which aren't huge but big enough that the average person has heard of them) decided to not support this lock. Windows 8 should still be installalbe as with any other OS. If it becomes an advertised feature, many enthusiasts will go after it, and other manufacturers will realize that supporting a restriction is not helping them.

MS needs to realize that they can't just get into any category they want. To me, the main reason they're doing this is because Linux already has a massive head-start in the ARM department. You can run a very functional linux setup using arm. Also, android, a linux based OS, should be able to be installed on ARM computers while, AFAIK, windows phone OSes cannot. MS is just a bunch of sore loosers.

Originally Posted by BuzzonsUnless I'm massively mistaken you can't dual boot either of the top two selling tablets in the world into anything other than iOS? That clearly hasn't hurt their sales.

Why does it make more of a news story when MS do it using an open standard (Secure boot) than when Apple do it?

actually, you can. people have got android and linux working on iphone before. and besides, it's expected at this point that apple makes such a restriction, but not MS. also, people who care about installing a different OS on a device would rather pay less for an android compatible device which generally would have better hardware.

even back when apple used PPC for their macs, they didn't prohibit you from installing another os on the hardware. BeOS was a major competitor to mac because it worked on PPC. the problem here is MS is telling companies to make the hardware incompatible with other OSes, which is something that not even apple will do.

the crappy thing is an OS cannot be restricted to a specific manufacturer of hardware, however, hardware is allowed to be restricted to a specific OS.

Um, it's really difficult to update some UEFI-based products. ARM-based machines happen to be one of these. Will it be hacked? Possibly, opening the door for lawsuits. It would be far better to simply not purchase them, and support the things that are still open, like Raspberry Pi and BeagleBoard.

Originally Posted by KayinBlackUm, it's really difficult to update some UEFI-based products. ARM-based machines happen to be one of these. Will it be hacked? Possibly, opening the door for lawsuits. It would be far better to simply not purchase them, and support the things that are still open, like Raspberry Pi and BeagleBoard.

That's easy to say until you realise that Raspberry Pi is hilariously slow. Good for learning to program, not good for using.

Originally Posted by schmidtbagthe crappy thing is an OS cannot be restricted to a specific manufacturer of hardware, however, hardware is allowed to be restricted to a specific OS.

Actually, that's not entirely correct. Apple's Operating System (i.e. OS X) EULA states that you may only install it on Apple hardware.. That's an OS being restricted to a specific manufacturer of hardware - their own.

Microsoft has gotten more and more obnoxious over the years. Software locks like this spit in the face of everything they teach you in college programming courses, a good program is supposed to help the user do what they want, and stay out of the way while other programs do the same. I am much more willing to tolerate this sort of all-inclusive environment out of apple, because apple actually makes good software. M$ is only dominant because they are already dominant, they exploit peoples attachment to the familiar rather than try and produce quality software. M$ hasn't made a good non-OS program since they first made Office. and even that was technically an apple product wasn't it? BTW, how long you think it'll take for the linux community to fake a digital signature to get past windows?

Originally Posted by schmidtbagthe crappy thing is an OS cannot be restricted to a specific manufacturer of hardware, however, hardware is allowed to be restricted to a specific OS.

Actually, that's not entirely correct. Apple's Operating System (i.e. OS X) EULA states that you may only install it on Apple hardware.. That's an OS being restricted to a specific manufacturer of hardware - their own.

no, the EULA states it must be an apple BRANDED computer. apple doesn't really manufacture anything electronic, and they don't design much of the electronics either. it is unlawful for them to say you must use a specific motherboard with a specific cpu manufacturer and so on in order to run OSX.
because of this, apple can't sue you for using hackintosh, as long as you actually owned the retail version of OSX, if the computer is apple branded (and yes, stickers count as branding), and as long as you don't distribute the computer with OSX on it. it's still a contract violation, but apple can't sue you over it. they can, however, sue you if you pirated OSX and/or distribute non-apple branded computers with OSX on it.

Yep cant care all to much about this to be honest. I will bet money you will see two versions of the same hardware or a bit different be released from the producer to allow for locked and unlocked UEFI's.

Lets face it this really is pointed towards the new Arm/Win 8 tablets coming. I cant see Arm PC's being that popular and the manufacturers wont bother with Win 8 cert as well as I have said it wont be a massive market outside tablets and phones.

Intel has the desktop market cornered for the now, AMD looks weak for the now and Arm. Sorry I cant see them muscling in all that much.

That brings us back to tablets and phones, I cant say I can think of anyone manufactured tablet or phone that comes with no OS at all. So your going to buy a model depending on the OS installed, so no Win 8 in, no need for a hardware cert.

Also I believe that in the deep dark corners of HP HQ, WebOS was port or made to work on an iPad. The result was part of the reason WebOS and the Touchpad together were seen as a flop.

I would bet that either MS is pre-emptively doing this, or was asked to do this by mobile phone carriers.

Over here locking down phones and tablets is common practice.
Most people don't and will not notice.

I also wouldn't count on many computers having that option. Just one more thing to mess with, and considering they are now skipping HD, caps and numlock indicators on low end laptops now, I don't have a lot of hope of a bios switch or getting most companies to cough up a code to unlock it. A few will, and someone will hack it, but I wouldn't count on it from manufacturers.

The problem here isn't that microsoft is locking the bootloader. They essentially do that with the Xbox 360 (along with a whole host of other things) but that was a device produced in house. To ask other manufacturers to force a locked bootloader screams of desperation in coming to a market way too late. Looks like any arm based devices in the future for me won't be running a legit copy of windows...

If you are of the "don't know/don't care" crowd then thats fine, but you don't get to bitch later when Microsoft decides to shut down services you were using ::cough:: zune ::cough:: and leave you in the dark. Them's the breaks in any walled garden.

It's not the closed OS of Apple I have the problem with Nexxo, it's the closed apps like being tied to iTunes when I want to use Zune and things like that.

Just like with Apple, most people wont care they can't install a dual boot OS since most wont even know how to or understand why they need to.

The enthusiast market is as per the above not too happy about it but lets just wait for Win8 to decide on whether we want a droid or linux boot option. Just like netbooks when they first came out, maybe tablets will finally take off once Microsoft joins the party.

but it's a harder sell because the lines gets blurry between a mobile OS or a full OS like most desktop and laptops. Netbooks couldn't get started until WinXP was added to most and then Win7 helped them finish. Droid tablets are selling because of the mobileOS. When people get the option of something they have on their laptop and desktop, that's when it will pick up. You will still get cheap tablets but some will maybe add some competition to iPads.

Originally Posted by SnipsBut let's be honest, the only player in town is Apple. It will pick up once Win8 comes out, just as long as it's worth it.

It used to be, until Android Gingerbread, which I think has the edge over iOS when it comes to tablets (on the small screen, iOS won out --until Windows Mobile 7 which I think is like garlic bread: taste it, and you realise it's the future). And the latest Asus tablets look pretty good.

I'm really liking what Microsoft is doing with the Win8 Metro interface --if it can keep CPU requirements and battery life reasonable! I have a Motion Computing LE1600 tablet with a Centrino and XP and although it is a beautifully made piece of kit, it has a 3 hour battery life and playing a Youtube video causes it to overheat. No, no, no, no, no...

Originally Posted by NexxoIt used to be, until Android Gingerbread, which I think has the edge over iOS when it comes to tablets (on the small screen, iOS won out --until Windows Mobile 7 which I think is like garlic bread: taste it, and you realise it's the future). And the latest Asus tablets look pretty good.

I'm really liking what Microsoft is doing with the Win8 Metro interface --if it can keep CPU requirements and battery life reasonable! I have a Motion Computing LE1600 tablet with a Centrino and XP and although it is a beautifully made piece of kit, it has a 3 hour battery life and playing a Youtube video causes it to overheat. No, no, no, no, no...

WM7 to me is just awful. I've tried it and it just feels like it was designed by a child. I use my Phone for srs business and all the colours and squares look like they'd be more at home on CBBC than on my screen. The whole Metro interface in my opinion is just a massive step in the wrong direction, I think consumers will see this and W8 will be Vista v2.

I think WP7 is fanastic. It's simple, original and well thought out. The only problem with WP7 has been the lack of apps which has been kicked up a gear since the last update to 7.5 and Nokia coming onboard.

I also use mine for business and I have everything at my control and it looks a lot more class than most droid phones and dare I say the all conquering iPhone

Originally Posted by SnipsBut let's be honest, the only player in town is Apple. It will pick up once Win8 comes out, just as long as it's worth it.

in what category? phones, tablets? android is starting to beat them there. desktop operating systems? microsoft wins there. arm support? linux beats apple and MS there, combined - and that, to me, is what spawned this issue in the first place. linux's ARM support is immense and competitive. the second windows 8 for ARM doesn't do something that windows was able to do since XP, there are going to be pissed-off and confused customers. since many of these people would be forced to find an alternative to the program they are used to, they might as well switch to an OS that has been complete on ARM for a while.

Could you install Win8 on one HDD and Linux on another. Would that work if you altered the boot order in the BIOS?
I'm sure motherboard manufacturers could come up with a way round this, but would MS alter Win8 to recognise that hardware and black list it?

Originally Posted by Madness_3dWM7 to me is just awful. I've tried it and it just feels like it was designed by a child. I use my Phone for srs business and all the colours and squares look like they'd be more at home on CBBC than on my screen. The whole Metro interface in my opinion is just a massive step in the wrong direction, I think consumers will see this and W8 will be Vista v2.

Apart from the fact that I kind of like the whole slightly retro-ish feel (:p) of WP7 I think that the pretty icons that iOS and Android sport are hardly more corporate-looking. The WP7 interface is highly functional on a small screen and won't tax more basic hardware --which is what you need on mobile devices. It scales up well to a tablet. Now they getting away from the primary colours a bit I think it will be functional, minimalistic, clean. And versatile. A bit like Apple used to be before it drove over the skeuomorphic cliff.

Originally Posted by Madness_3dWM7 to me is just awful. I've tried it and it just feels like it was designed by a child. I use my Phone for srs business and all the colours and squares look like they'd be more at home on CBBC than on my screen. The whole Metro interface in my opinion is just a massive step in the wrong direction, I think consumers will see this and W8 will be Vista v2.

You mixed up what looks childish (iPhone) and what does not (Windows Phone 7).

Just being counted as another voice that doesn't give a crap about this ...

I *am* rather interested to see what changes they make to Win8 once it goes to beta.. at present it seems to be a fabulous OS for tablets/phones, but I wouldn't plan on migrating my main desktop PC to it just yet...

Originally Posted by ChaosDefinesOrderHere's a thought: Can't Android/Linux be signed in the same way to utilise the Secure Boot functionality?

Surely that should be possible?

Or does "digitally signed with a unique key" really mean "digitally signed by Microsoft with a unique key from Microsoft"

Whilst it is possible to sign linux/android in the same manner it wont work for many reasons.

The problem here is that manufacturers would need to include the extra keys on the MB or you wont be able to boot into your OS of choice and lets be honest most manufacturers wont bother including multiple keys.

The bigger problem however is that each distro would require a unique key and it would remove the option of custom kernels for tinkerers/developers and those specific needs/wants as they would never have access to the key.

Of course you could argue why not have a public key that all linux users could default to but that defeats the purpose of a using signed kernel in the first place!

I hope the EU gets its act together and goes after Microsoft for being abusing its position again as the dominant player in the OS market as this action can't really be justified in logical way.

Oh and for those of you who don't care please remember that competition drives innovation and improvement so even if you don't personally use or like linux/BSD/etc. you benefit from its existence.

This is an incredible attempt to strongarm a big part of an industry Microsoft doesn't have any part in the achievements of which. Taking an entire industry hostage with a "certification" that has nothing to do with the capabilities or security of their products. What does their bloody certificate have to do with the innovation that has been put into ARM devices, or their capability to work inside (low power) computing devices like smart phones or tablets? Nothing. Microsoft is trying to hijack an entire hardware industry for their purposes, with something as artificial and arbitrary as a "certificate" for their next OS that doesn't make any substantial statement about the actual usability of the hardware. Microsoft = Criminals? This makes me think so.

Basically, because people want to be secure. As ordinary folk are becoming increasingly dependent on computer tech for their communications and financial transactions, they want their devices to work glitch-free and without worry of hijacking by malware or viruses. Ordinary people don't worry about the freedom to mod and tweak as we do. They just want their stuff to work reliably and safely.

The issue with this is exactly the same as with unsigned drivers in x64 Windows, and even worse.

In x64 Windows Vista/7, your drivers need to be signed, or they won't get loaded, and if your app depends on that driver, it won't run. Which is a issue for free apps, because the driver signing key costs a lot.

With Windows 8 and secure boot, it gets even worse. Not only your driver will have to be signed, but Windows 8 will have to pass your driver signature through the UEFI secure boot chain as a valid signature to even allow your driver to load. Depending on how it will work in the final products, it could easily disable alternate drivers. What i mean ?

1) UEFI contains the key for Microsoft - all Microsoft signed stuff will work.
2) UEFI contains the key for specific Windows 8 OEM version - only that OEM version will work, you won't be able to use retail copies either - this could easily happen on Windows 8 ARM tablets.

The next step is loading the drivers, and this is where you can again hit a issue :
1) UEFI contains the key for Microsoft/Windows 8, and then Windows passes through all signatures you allowed in the OS back to the UEFI secure boot, and this way you will achieve same level of driver usage as with current Windows 7, with a bit of additional security until someone figures out how to cheat their way inside the allowed signatures list.
2) UEFI contains the key for OS and for all allowed drivers - this could easily lead to issues like USB sound card not working, because it is not in the hardcoded key list.

In the end, secure boot doesn't bring too much security if you want it work without issues; and it makes too much problems if you want it to achieve real security.

Originally Posted by SnipsLet's see it working before you start calling it Vista2

Considering how the interface works at present, it already is Vista 2.

Seriously, that start menu does not work on a laptop or desktop.

the current version is nowhere near a finished version, it isn't even a beta version yet, it is a preview, many of the fucntions will change between the current preview and the beta, and thenbetween the beta and rtm

Originally Posted by SnipsI don't see a problem with this and neither will the majority of people. It's only the minority enthusiasts market that will moan about it. But why I ask?

Please look beyond! do you think the companies will stop there? they will increase their blockings and force you to pay more and more once and again giving you less in return every time. Would you be happy if tomorrow we tell you that ballots are technically modified to only accept republican votes now on? that any other votes are unable to be processed... it is the same. This is freaking ridiculous and just makes me hate MS, not because of the Open source, but because this is plain evil. period.

Originally Posted by ShakeyJakeHey, if its as heavy-handed as it looks it might actually mean more FOSS users.

Actually, it runs very fast.

Quote:

Originally Posted by RichCreedythe current version is nowhere near a finished version, it isn't even a beta version yet, it is a preview, many of the fucntions will change between the current preview and the beta, and thenbetween the beta and rtm

As I said... "at present".
If it was released right now, it would be the next Vista.